----- On May 9, 2020, at 4:02 PM, Steve Coleman <stevenlcolema...@gmail.com> wrote:
> On Fri, May 8, 2020 at 7:13 PM Catacombs <ggg...@gmail.com> wrote:
>> A Journalist or a Human Rights investigator, I think are more comfortable with ease of use, not secure.

> There is always a trade-off between security and usability for sure. One trade-off for the non geek users is to enable networking in the software template so that you can run the "Software" application to pick and choose your required desktop applications. The journalist may not know how to use DNF at the command line but the Software installer will clearly let them pick and choose from several decent word processors. If only the Software application used the same proxy method to search the repository for packages then turning on the networking would not be necessary. The average desktop user would have a much easier time installing what they need.

> The main thing for them to *not do* is to run any applications in the template VM itself. Never test things in the template unless you absolutely need to pre-configure something, and if so, do it with networking turned off if you have that choice. Clearly this is not easy for a non-geek, but it can be made a little easier.

>> So, I bet this has been talked about before. As I was doing the upgrade to Fedora 31, I realized a Journalist is not likely to be very happy doing that. After that, I had to search to find a Text Editor, (Gedit is what I used) A Journalist would expect that the things

> LibreOffice is what you want for journalists.

>> Then I tried to watch a Video. Gee guys, a Journalist just expects this stuff to work. I, on the other hand, am concerned our mythical investigator not realizing the possible security implications of opening what kind of app, when.

> If you enable rpmfusion repos you will be able to access more video codecs, but again that is a security trade-off.
> What you can do is have one template with all the DRMed codecs providing for one or two AppVMs or DVMs that can run the videos, while keeping the remaining AppVMs for investigations more secure without all the extra risky additions. You just have to train them how to open the video URLs in one of the special VMs.

>> Tech people do not think like Journalists or Human Rights Workers, nor vice versa.

> Perhaps not, but very likely we are trainable.

There are some that are both tech and investigators. I personally found Qubes to be a solution I wish I had found long before I did. In fact, for me it was easier to move from Windows (and DOS before that) to Linux as my primary work environment via Qubes rather than just a standalone Linux box or VM because it provided two solutions in one - move away from Windows and provide multiple more secure and isolated environments for my work. The technology landscape and associated threat vectors are very fluid and Qubes is part of the foundation for dealing with that. I even go so far as to suggest that Qubes should actually be the default OS for any computer user, but that is unrealistic of course.

I cringe at the occasional post that suggests or implies that Qubes is difficult. My background is almost exclusively M$ with the odd *nix appliance thrown in, hardly the foundation for moving essentially cold-turkey to Qubes that, for me, is based on an unfamiliar hypervisor and Linux VMs. It is a tool, albeit one that is a bit specialized to emphasize security. And like any tool, you have to learn how to use it to maximize its intended purpose. It's not rocket surgery or brain science, but it's also not a toaster.

That said, I personally feel that moving to LibreOffice and Thunderbird in the Windows environment many years ago made the transition much easier and more familiar. My prior profession also required that I maintain some level of proficiency at the command/terminal prompt.
That can be a big hurdle for people considering the transition to Qubes from Windows. That said, I still struggle with some tasks in Linux for which I have not developed any "muscle memory" - yet. But it gets easier daily.

I see a lot of posters attempting to use Qubes in much the same manner as they might a standalone box and sometimes with less than sterling results. All of that adds to the knowledge base of Qubes, but everything that I have read tells me that being a reasonably secure OS on a computer in a connected, information-centric production environment (as in, making a living) is the primary purpose for its creation. It serves that purpose well in my view. It'll likely not be a gaming box, a screaming video or CAD rendering beast or even support bleeding-edge hardware. Qubes is a serious tool in the very serious and uncompromising world where the bar for what is considered dangerous information is lowered on a daily basis.